Preparation

Before installing ViMbAdmin we need to install some PHP packages. First of all, I’m going to be using PHP version 7. Since we are using the latest version of CentOS and Postfix, we might as well go with the latest PHP. I have written a guide here for installing PHP 7 on your server. Make sure you install the php70w-pgsql package. You will also need mcrypt, composer and git:

We need to change the Database connection properties so that ViMbAdmin will use our PostgreSQL database instead of MySQL. Make the settings in your file look like the ones below, substituting yourpasswordhere for the password you created in the previous section:

The next thing we have to do is put the .htaccess file in place by copying the distributed template:

cp $INSTALL_PATH/public/.htaccess.dist $INSTALL_PATH/public/.htaccess

Create the Database

The first thing we have to do is allow the administrator user we created in the previous section to connect to the database. We do that by editing “/var/lib/pgsql/data/pg_hba.conf”:

nano /var/lib/pgsql/data/pg_hba.conf

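Scroll to the bottom and add the following line under “# IPv4 local connections:”. PostgreSQL reads pg_hba.conf from top to bottom and uses the first line that matches a connection, so the new line has to sit above any broader 127.0.0.1/32 entry already in that section.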

host vimbadmin vimbadmin 127.0.0.1/32 md5

It should look like this:

After making these changes, restart PostgreSQL:

systemctl restart postgresql

Now change back to your install directory if you’re not already there:

cd $INSTALL_PATH

Run this command to create the database:

./bin/doctrine2-cli.php orm:schema-tool:create

If it was successful it should look like this:

Webserver Configuration

ViMbAdmin is installed; now we need to tell Apache to serve the files. For security reasons, I like to move the management page off the standard HTTP and HTTPS ports. We are still going to be using HTTPS to host the page, but let’s put it on port 7025. Earlier I had you install Apache and mod_ssl (for serving HTTPS pages), so let’s configure those.

Configuring Apache

All the Apache configuration files are stored in “/etc/httpd/”, and the HTTPS configuration is stored at “/etc/httpd/conf.d/ssl.conf”. We are going to be working with port 7025, so let’s make a new configuration file:

nano /etc/httpd/conf.d/vimbadmin.conf

Configure Apache to listen on our new port and set up the new Virtual Host. Copy and paste the following into the new file you just opened. Be sure to modify the ServerName and the certificate names. Notice we are re-using the same certificates we used for Postfix; if you need to look up these names you can find them in “/etc/postfix/certs”.

Now we can restart Apache, configure it to start on boot, and it should be serving ViMbAdmin. (You won’t be able to access it yet without opening the port in your firewall.)

systemctl restart httpd
systemctl enable httpd

The firewall portion of this guide might differ a bit from your server. I always replace the new firewalld service in CentOS 7 with standard iptables so the firewall behaves in the same way as CentOS 6 because that is what I’m used to. Here is a quick run-down on how to do that before I give you the rule you need to add to open port 7025:

Side-Note: Replace CentOS 7 “firewalld” with “iptables”

I’m much more comfortable with iptables than with the new firewalld service. So here is a quick HowTo for replacing firewalld with iptables:

Now you can modify “/etc/sysconfig/iptables” and “/etc/sysconfig/ip6tables” appropriately for your server configuration. (I will eventually do a more detailed post about iptables.)

Firewall Rules

To harden security a bit more, I like to restrict access to port 7025 to the specific IP spaces that I will be managing the mailserver from. Use the following rule to restrict access to a specific IP. You can add one of these lines for each IP that you might be managing the server from. Replace x.x.x.x with your IP address:

Or, if you’re not that worried about security, you can simply allow connections from anywhere to 7025:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 7025 -j ACCEPT

Don’t forget to restart iptables:

systemctl restart iptables

Web Interface

Your ViMbAdmin interface should be visible now. To test, you can access it at: https://mail.domain.com:7025/. It should look like the following page. If you don’t like your “Security Salts”, just refresh the page and they get re-generated:

You need to update these keys in your “application.ini” file to continue:

nano $INSTALL_PATH/application/configs/application.ini

Find the following section:

Update your keys accordingly, then move on to creating a Super Administrator user. The email address you use doesn’t necessarily have to be an active email address yet; just don’t lose the password you use to create the account. After creating the account you can log in, and you should see an empty list of domains configured on your server. You can click the “+” I circled in red on the image below to add a domain. Using ViMbAdmin shouldn’t be too hard to figure out after playing with it for a while. One thing to remember is that if you want to forward email, you need to use an Alias.

Postfix and PostgreSQL

While we have a way to manage the database now, it doesn’t do us much good if Postfix doesn’t look to the database for the mailbox configuration information. We need to configure Postfix to use PostgreSQL. To do that we are going to create some files telling Postfix how to read from the database.

PostgreSQL user for Postfix

First of all, Postfix only needs to READ from the database, not WRITE to it, so to keep our mailserver secure, let’s create a new PostgreSQL user for Postfix with READ-ONLY privileges. Go ahead and connect to PostgreSQL. Don’t forget “sudo”, because we’re doing this as another user: (You will need the secure password you created for the postgres user in the previous part)

sudo -u postgres psql

Connect to the vimbadmin database (we don’t want this to be a system-wide user)

\c vimbadmin

Finally, create a user for Postfix and assign it the required privileges:

CREATE USER mailreader WITH PASSWORD 'yourpasswordhere';
GRANT CONNECT ON DATABASE vimbadmin TO mailreader;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO mailreader;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO mailreader;
REVOKE CREATE ON SCHEMA public FROM mailreader;

Remember that all these commands happened after “\c vimbadmin”, so “public” refers only to the public schema of the “vimbadmin” database. Now we need to adjust “pg_hba.conf” again to allow logon for the new user:

nano /var/lib/pgsql/data/pg_hba.conf

Add the following line just below the one we added earlier:

host vimbadmin mailreader 127.0.0.1/32 md5

Then restart PostgreSQL:

systemctl restart postgresql
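
Checking that mailreader really ended up read-only, as an added example that is not part of the original guide. It assumes ViMbAdmin connects as the vimbadmin role (the name used in the earlier pg_hba.conf line) and that you run it as postgres while connected to the vimbadmin database:

```sql
-- Added example. Run as the postgres superuser, connected to the vimbadmin
-- database (after "\c vimbadmin"), once the statements above have been run.
-- Assumption: ViMbAdmin itself connects as the "vimbadmin" role.

-- 1. Effective privileges, including those inherited from PUBLIC.
--    A read-only account should show can_connect = t and can_create = f.
SELECT has_database_privilege('mailreader', 'vimbadmin', 'CONNECT') AS can_connect,
       has_schema_privilege('mailreader', 'public', 'CREATE')       AS can_create;

-- 2. Before PostgreSQL 15 every role gets CREATE on schema public through the
--    PUBLIC pseudo-role, so revoking it from mailreader alone changes nothing.
--    Revoke it from PUBLIC and grant it back to the application role only.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT  CREATE ON SCHEMA public TO vimbadmin;

-- 3. Tables on which mailreader holds any write privilege. Expect zero rows.
SELECT c.relname AS writable_table
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND has_table_privilege('mailreader', c.oid,
                          'INSERT, UPDATE, DELETE, TRUNCATE');

-- 4. Tables mailreader can read. GRANT ... ON ALL TABLES exposes every table
--    in the schema, so review this list against what the Postfix lookups need.
SELECT c.relname AS readable_table
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND has_table_privilege('mailreader', c.oid, 'SELECT')
ORDER BY 1;

-- 5. GRANT ... ON ALL TABLES covers only tables that exist at that moment.
--    Give mailreader SELECT on tables vimbadmin creates later (schema upgrades).
ALTER DEFAULT PRIVILEGES FOR ROLE vimbadmin IN SCHEMA public
    GRANT SELECT ON TABLES TO mailreader;

-- 6. Re-run query 1: can_create must now be f.
```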

Postfix Mappings

Create a directory to hold the new mappings:

mkdir /etc/postfix/pgsql

For all of the next files we create, remember to replace “password” with your password for the mailreader user we just created.

You should have 6 files in your “pgsql” directory if you run “ls -alh /etc/postfix/pgsql/” now:

Using the new files

Now that we have created files telling Postfix how to get information out of the database we created with ViMbAdmin, we just need to tell Postfix to use them. To tell Postfix where the files are, we need to edit “main.cf” again.

nano /etc/postfix/main.cf

Add the following lines to the end of main.cf. They tell Postfix which Unix user account to create mailboxes with:

Conclusion

We covered a lot of configuration in this section, but now Postfix should be using the PostgreSQL database for virtual domain and user mappings. We also configured a Web Interface (ViMbAdmin) to manage the database Postfix reads from. In the next section we will install Spam and Virus filters using SpamAssassin and ClamAV.
